Cloud Computing includes established technologies that potentially reduce costs and increase flexibility. An important part of the cloud is the provisioning of infrastructure (Infrastructure-as-a-Service (IaaS)), in particular for storing large amounts of data. However, this is bedeviled by various risks such as unauthorized access to storage resources or dependence on specific service providers. These issues can be mitigated by software systems. 


Core requirements for reliable cloud storage include security, integrity and availability, these attributes are imperative for transparent and unhindered access to cloud storage resources. CloudRAID is a system developed at the HPI, it provides the above mentioned features and enhances the overall security of cloud storage.

Reference Architecture

The CloudRAID adopts an architecture consisting of a central server and several client applications for desktop PCs, mobile devices and web browsers. The server manages user authentication and the security of metadata in a manner that prevents service providers from intruding into users private information.


Application of RAID concepts to cloud storage

File upload to cloud storage follows three steps: 

  • File is encrypted with symmetric encryption,  the cryptographic hash value is used as the key.
  • A RAID algorithm is applied on the file in order to calculate the parity chunks, which are seperated from the data chunks.
  • The resulting chunks are thereafter distributed to different cloud storage repositories.



File recovery is the reverse of the uploading procedure:

  • A subset of the parity chunks as configured in the original RAID algorithm is required to reconstruct the initial data. This has to be downloaded alongside the available data chunks.
  • The reverse of the RAID algorithm is applied to recover the data, which is still encrypted.
  • The recovered file is then decrypted, note that the symmetric key used for decryption is only known to the user.





Data Security

Each storage vendor is in possession of only a fragment of a file owing to the capacity of the RAID algorithm to seperate a file into multiple chunks, which can be easily reconstructed from a subset of these chunks. Accordingly, an attacker wishing to acquire a file stored in the cloud will have the challenge of getting all the chunks. Moreso, since all chunks are encrypted, there is an additional requirement of obtaining corresponding symmetric keys before successfully accessing data.

Data Availability

Current providers cannot assure users of constant availability of files in their possession. The CloudRAID overcomes this challenge by storing individual chunks at seperate cloud storage repositories thereby defying sole reliance on specific providers. The system also provides users the flexibility of configuring several parameters such as low costs, high bandwidth speed and performance. These factors can be combined to various ways to suit client requirements.

Current State

The initial CloudRAID prototype has been successfully developed and handed over to the Bundesdruckerei, our project partner.  Bundesdruckerei has developed a commercial, enterprise solution called BDrive based on our prototype. The concepts remain largely the same, however several advanced features are included in BDrive. We are still actively researching on the approaches for improving the CloudRAID concepts based on feedback from the customers and contemporary trends.


  • Prof. Dr. Christoph Meinel (Project Manager)
  • Philipp Berger
  • Kennedy Torkura
  • Hendrik Graupner
  • Muhammad Sukmana 

Project Partner

Bundesdruckerei GmbH